marko10_000
/
wine-wine
forked from Mirrors/wine-wine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gdi32: Tighten range checking in PlayEnhMetaFileRecord() and remove four useless checks.

oldstable
Gerald Pfeifer 2008-01-06 18:42:57 +01:00 committed by Alexandre Julliard
parent ad92cdcf55
commit 43837ed227
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
dlls/gdi32/enhmetafile.c
View File

@ -1669,11 +1669,13 @@ BOOL WINAPI PlayEnhMetaFileRecord(
const EMRCREATEDIBPATTERNBRUSHPT *lpCreate = (const EMRCREATEDIBPATTERNBRUSHPT *)mr;
LPVOID lpPackedStruct;
/* check that offsets and data are contained within the record */
if ( !( (lpCreate->cbBmi>=0) && (lpCreate->cbBits>=0) &&
(lpCreate->offBmi>=0) && (lpCreate->offBits>=0) &&
((lpCreate->offBmi +lpCreate->cbBmi ) <= mr->nSize) &&
((lpCreate->offBits+lpCreate->cbBits) <= mr->nSize) ) )
/* Check that offsets and data are contained within the record
* (including checking for wrap arounds).
*/
if ( lpCreate->offBmi + lpCreate->cbBmi > mr->nSize
|| lpCreate->offBits + lpCreate->cbBits > mr->nSize
|| lpCreate->offBmi + lpCreate->cbBmi < lpCreate->offBmi
|| lpCreate->offBits + lpCreate->cbBits < lpCreate->offBits )
{
ERR("Invalid EMR_CREATEDIBPATTERNBRUSHPT record\n");
break;